| ▲ | PunchyHamster 9 hours ago | |
What worries me more about the push for shorter and shorter cert terms instead of making revoking that works is that if provider fails now you have very little time to switch to new one | ||
| ▲ | jsheard 9 hours ago | parent | next [-] | |
Some ACME clients can failover to another provider automatically if the primary one doesn't work, so you wouldn't necessarily need manual intervention on short notice as long as you have the foresight to set up a secondary provider. | ||
| ▲ | mcpherrinm 7 hours ago | parent | prev | next [-] | |
This is a two-sided solution, and one significant reason for shorter certificate lifetimes helps make revocation work better. | ||
| ▲ | cpach 9 hours ago | parent | prev [-] | |
People have tried. Revocation is a very hard problem to solve on this scale. | ||